Certbot auto renew SSL guideline for CentOS 6, 7


Sign an SSL certificate and renew it with a cron job.

Prerequisite

Software:

  • wget
  • nginx
  • nano

Configuration:

  • open port 443 in iptables

Step 1 - mkdir

mkdir -p /home/certbot

Step 2 - Download certbot

cd /home/certbot
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

Step 3 - Sign the cert

/home/certbot/certbot-auto --nginx \
--agree-tos --no-eff-email --email {YOUR EMAIL FOR RECEIVING CERT-RELATED NOTIFICATIONS}

Follow the prompts and choose the domain(s) listed on the terminal to sign the cert(s).

A success notification should then be shown on the terminal, e.g.:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/{YOUR MAIN DOMAIN}/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/{YOUR MAIN DOMAIN}/privkey.pem
   Your cert will expire on 2018-09-06. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Reload nginx

service nginx reload

Step 4 - Test renew SSL Cert

/home/certbot/certbot-auto renew --dry-run

Step 5 - Setup Cronjob for auto renew

crontab -e

Contents:

0 0,12 * * * /home/certbot/certbot-auto renew --renew-hook "service nginx reload"

For help with the cron schedule syntax, see:

https://crontab.guru/
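
To notice when the cron job from Step 5 stops renewing, a small expiry check can run next to it. This is an added example, not part of the original gist; the function names, the script name cert-check.sh and the 20-day threshold are assumptions, and it relies on openssl and GNU date.

```shell
#!/bin/sh
# Added example: report how long a certbot-managed certificate has left, so a
# broken renewal cron job is noticed before the certificate expires.
# certbot renews certificates with fewer than 30 days left by default, so a
# certificate below WARN_DAYS means recent renewal attempts have not succeeded.
WARN_DAYS=${WARN_DAYS:-20}   # assumed threshold, adjust to taste

# Convert an "openssl x509 -enddate" line to epoch seconds (needs GNU date).
enddate_epoch() {
    date -u -d "${1#notAfter=}" +%s
}

# cert_status ENDDATE_LINE NOW_EPOCH
# Prints "OK <days>", "WARN <days>", "EXPIRED" or "UNKNOWN"; returns 0/1/2/3.
cert_status() {
    end=$(enddate_epoch "$1" 2>/dev/null) || { echo "UNKNOWN"; return 3; }
    left=$(( end - $2 ))
    if [ "$left" -le 0 ]; then
        echo "EXPIRED"; return 2
    fi
    days=$(( left / 86400 ))
    if [ "$days" -lt "$WARN_DAYS" ]; then
        echo "WARN $days"; return 1
    fi
    echo "OK $days"
}

# Read the expiry date from a PEM file and evaluate it against the clock.
check_cert_file() {
    line=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null) \
        || { echo "UNKNOWN"; return 3; }
    cert_status "$line" "$(date +%s)"
}

# Run only when a certificate path is given, e.g.
#   sh cert-check.sh /etc/letsencrypt/live/{YOUR MAIN DOMAIN}/fullchain.pem
if [ $# -gt 0 ]; then
    check_cert_file "$1"
    exit $?
fi
```

A non-zero exit status (1 = WARN, 2 = EXPIRED, 3 = UNKNOWN) lets cron mail or a monitoring agent pick up the failure.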

References

https://certbot.eff.org/lets-encrypt/centos6-nginx

https://certbot.eff.org/docs/using.html#renewing-certificates

https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8

https://www.tecmint.com/how-to-enable-epel-repository-for-rhel-centos-6-5/
